Rdesktop: Remote Control with Security Holes

Security researchers iDefense have disclosed three vulnerabilities in the Rdesktop Remote Client.

The Rdesktop RDP client has three different vulnerabilities that are open to remote code injection attacks.

The Remote Desktop Protocol (RDP) was created by Microsoft as a basis for terminal services and is also used for remote maintenance of computers.

The first vulnerability is hidden in the "iso.c" file. An integer underflow bug triggers a heap-based buffer overflow on processing manipulated RDP requests. An input validation error in "rdp.c" results in a BSS-based buffer overflow triggered by redirect requests, and an error in the "xrealloc()" function also leads to a heap-based buffer overflow .

According to iDenfense the errors affect Rdesktop version 1.5.0, which was released in September 2006. Earlier versions of the application may be affected. The Rdesktop developers have already removed the vulnerabilities on the CVS. Regular users are thus advised to build the RDP client from the current source code. Users who prefer to avoid the overhead, are advised to reject incoming offers of support from unknown sources.

Spanish security researchers have discovered several vulnerabilities in the "Firewall-1" security solution by software vendor Checkpoint, and are now questioning its Common Criteria EAL4+ certification.